Fault Tree Analysis
Part 7 – Common-Mode Failures
THE COMMON–MODE FAILURES WITHIN FAULT TREES

[Figure: two-pump system with independent power sources. Pump 1 (running) is fed by Power 1 and Pump 2 (stand-by) by Power 2; switch S (positions 1, 2, 3) starts Pump 2 when Pump 1 shuts down. The accompanying signal-flow graph links Pump 1 speed, Pump 2 speed, Pump 1 mech. failure, Pump 2 mech. failure, Power 1 failure, Power 2 failure and switch stuck.]

Fault tree (independent power sources):
G1 (AND, top event): Pump 1 shut down AND Pump 2 not started; Q = 4.97×10^-6, 1/90.8 yrs, 3.95 hrs
G2 (OR): Pump 1 shut down = P1 mech. fail (1) OR local power 1 failure (2); Q = 1.69×10^-4, 1/2.68 yrs, 3.97 hrs
G3 (OR): Pump 2 not started = P2 mech. fail (3) OR local power 2 failure (4) OR switch stuck (5); Q = 2.94×10^-2, 1/3.04 yrs, 4.64 wks

Basic event data (q, λ, τ):
1 | 1.67×10^-4 | 1/3 yrs | 4 hrs
2 | 2.3×10^-6 | 1/25 yrs | 5 hrs
3 | 3.8×10^-3 | 1/5 yrs | 1 wk
4 | 5.5×10^-4 | 1/35 yrs | 1 wk
5 | 2.5×10^-2 | 1/10 yrs | 3 mo.

$$Q_{TOP} = P_1 P_3 + P_2 P_3 + P_1 P_4 + P_2 P_4 + P_1 P_5 + P_2 P_5 = (1.67\times10^{-4} + 2.3\times10^{-6})(3.8\times10^{-3} + 5.5\times10^{-4} + 2.5\times10^{-2}) = 4.97\times10^{-6}$$
THE COMMON–MODE FAILURES WITHIN FAULT TREES

[Figure: the same two-pump system (switch S, Pump 1 running, Pump 2 stand-by) with a shared power source: Power 1 now feeds both pumps, so Power 1 failure enters the signal-flow graph for both Pump 1 speed and Pump 2 speed.]

Fault tree (shared power source): G1 = Pump 1 shut down AND Pump 2 not started; G2 (OR) = P1 mech. fail (1), local power 1 failure (2); G3 (OR) = P2 mech. fail (3), local power 2 failure (4), switch stuck (5), and now also local power 1 failure (2).

GATE | MIN CUT SETS
G2 | (1), (2)
G3 | (2), (3), (4), (5)
G1 | (1,2), (1,3), (1,4), (1,5), (2,2), (2,3), (2,4), (2,5)
   | = (1,2), (1,3), (1,4), (1,5), (2), (2,3), (2,4), (2,5)
   | = (2), (1,3), (1,4), (1,5)

Reduced tree, TOP (OR): Q = 7.23×10^-6, 1/20 yrs, 1.27 hrs
(2): q = 2.3×10^-6
(1,5), AND: q = 4.2×10^-6 = (1.67×10^-4)(2.5×10^-2)
(1,3), AND: q = 6.4×10^-7 = (1.67×10^-4)(3.8×10^-3)
(1,4), AND: q = 9.2×10^-8 = (1.67×10^-4)(5.5×10^-4)

COMP | q | λ (Yr^-1) | τ
1 | 1.67×10^-4 | 1/3 | 4 Hr.
2 | 2.3×10^-6 | 1/25 | 5 Hr.
3 | 3.8×10^-3 | 1/5 | 1 Week
4 | 5.5×10^-4 | 1/35 | 1 Week
5 | 2.5×10^-2 | 1/10 | 3 Months

Cut Set K | Q_K | λ_K
(2) | 2.3×10^-6 | 1/25 Yr.
(1,3) | 6.4×10^-7 | 1/762 Yr.
(1,4) | 9.2×10^-8 | 1/5333 Yr.
(1,5) | 4.2×10^-6 | 1/120 Yr.
TOP Event | Q_TOP = 7.23×10^-6 | λ_TOP = 1/20 Yr.

Unavailability Importances
Cut sets: $I^Q_{(2)} = 2.3\times10^{-6} / 7.23\times10^{-6} = .32$, $I^Q_{(1,3)} = .088$, $I^Q_{(1,4)} = .0012$, $I^Q_{(1,5)} = .58$
Components: $I^Q_1 = .669$, $I^Q_2 = .32$, $I^Q_3 = .088$, $I^Q_4 = .0012$, $I^Q_5 = .53$

Unreliability Importances
Cut sets: $I^R_{(2)} = (1/25)/(1/20) = 0.8$, $I^R_{(1,3)} = .026$, $I^R_{(1,4)} = .004$, $I^R_{(1,5)} = 0.167$
Components: $I^R_1 = .197$, $I^R_2 = 0.8$, $I^R_3 = .026$, $I^R_4 = .004$, $I^R_5 = .167$
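The cut-set bookkeeping for the shared-power tree, as an added example in code (not from the original slides): it expands the gates into cut sets, minimises them, and recomputes Q_TOP and the unavailability importances from the COMP table. The cut-set frequency formula is an assumption, since the page gives the frequencies but not how they were obtained.

```python
import math
from itertools import product

# Shared-power-source tree from this page: G1 = AND(G2, G3), G2 = OR(1, 2),
# G3 = OR(2, 3, 4, 5). Event 2 (local power 1 failure) sits under both gates.
GATES = {"G1": ("AND", ["G2", "G3"]), "G2": ("OR", [1, 2]), "G3": ("OR", [2, 3, 4, 5])}
# Component unavailability q and failure frequency lambda (per year), COMP table above.
Q = {1: 1.67e-4, 2: 2.3e-6, 3: 3.8e-3, 4: 5.5e-4, 5: 2.5e-2}
LAMBDA = {1: 1 / 3, 2: 1 / 25, 3: 1 / 5, 4: 1 / 35, 5: 1 / 10}

def cut_sets(node):
    """All cut sets below a gate, as frozensets of basic events, before minimisation."""
    if not isinstance(node, str):
        return [frozenset([node])]
    kind, inputs = GATES[node]
    children = [cut_sets(i) for i in inputs]
    if kind == "OR":
        return [cs for group in children for cs in group]
    # AND: union one cut set from each input; (2,2) collapses to (2) automatically
    return [frozenset().union(*combo) for combo in product(*children)]

def minimize(sets):
    """Minimal cut sets: drop duplicates and any set that contains a smaller cut set."""
    unique = set(sets)
    return sorted((s for s in unique if not any(o < s for o in unique)),
                  key=lambda s: (len(s), sorted(s)))

def cut_set_unavailability(cs):
    return math.prod(Q[e] for e in cs)

def cut_set_frequency(cs):
    """Assumed approximation (the page gives the frequencies, not the formula): the cut
    set occurs when one component fails while the others are down, sum_i lambda_i * prod_j q_j."""
    return sum(LAMBDA[i] * math.prod(Q[j] for j in cs if j != i) for i in cs)

def top_event(mcs):
    """Rare-event approximation: Q_TOP and lambda_TOP are sums over the minimal cut sets."""
    return (sum(cut_set_unavailability(cs) for cs in mcs),
            sum(cut_set_frequency(cs) for cs in mcs))

def importances(mcs):
    """Unavailability importance I_K = Q_K / Q_TOP per cut set, summed per component."""
    q_top, _ = top_event(mcs)
    cut = {cs: cut_set_unavailability(cs) / q_top for cs in mcs}
    comp = {e: sum(v for cs, v in cut.items() if e in cs) for e in Q}
    return cut, comp
```

Calling `minimize(cut_sets("G1"))` reproduces the four minimal cut sets above, and `top_event` gives Q_TOP ≈ 7.2×10^-6 and λ_TOP ≈ 1/20 per year from the unrounded products.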
DEFINITIONS

Common Cause: A condition or event which causes multiple basic events in a fault tree.
Common-Mode Event: The basic events caused by the same common cause are called common-mode events of the cause.
Neutral Event: For a given common cause, a basic event is called a neutral event if it is independent of the cause.
Common-Mode Cut Set: A cut set is called a common-mode cut set when a common cause results in the co-occurrence of all events in the cut set.
CATEGORIES AND EXAMPLES OF COMMON CAUSES

Source | Symbol | Category | Examples
Environment, System Components, or Subsystems | I | Impact | Pipe whip, water hammer, missiles, earthquake, structural failure
 | V | Vibration | Machinery in motion, earthquake
 | P | Pressure | Explosion, out-of-tolerance system changes (pump overspeed, flow blockage)
 | G | Grit | Airborne dust, metal fragments generated by moving parts with inadequate tolerances
 | S | Stress | Thermal stress at welds of dissimilar metals, thermal stresses and bending moments caused by high conductivity and density
 | T | Temperature | Fire, lightning, welding equipment, cooling system faults, electrical short circuits
 | E | Loss of energy | Common drive shaft, same power supply source
 | C | Calibration | Misprinted calibration instruction
 | F | Manufacturer | Repeated fabrication error, such as neglect to properly coat relay contacts; poor workmanship; damage during transportation
Plant Personnel | IN | Installation | Same subcontractor or crew
 | M | Maintenance | Incorrect procedure, inadequately trained personnel
 | O | Operator or operation | Operator disabled or overstressed, faulty operating procedures
 | TS | Test procedure | Faulty test procedures which may affect all components normally tested together
Aging | A | Aging | Components of same materials
[Figure: example fault tree. The top event is built from 2-out-of-3 gates X and Y over basic events 1 to 12; the components (domains) the events belong to are numbered 101 to 106 and 199.]
Common Causes, Domains, And Common–Mode Events Of Example

Category | Common Cause | Domain | Common-Mode Events
Impact | I1 | 102, 104 | 6, 3
 | I2 | 101, 103, 105 | 1, 2, 7, 8
 | I3 | 106 | 10
Stress | S1 | 103, 105, 106 | 11, 2, 7, 10
 | S2 | 199 | 9
 | S3 | 101, 102, 104 | 1, 4
Temperature | T1 | 106 | 10
 | T2 | 101, 102, 103, 104, 105, 199 | 5, 11, 8, 12, 3, 4
Vibration | V1 | 102, 104, 106 | 5, 6, 10
 | V2 | 101, 103, 105, 199 | 7, 8
Operator | O1 | All | 1, 3, 12
 | O2 | All | 5, 7, 10
Energy source | E1 | All | 2, 9
 | E2 | All | 1, 12
Manufacturer | F1 | All | 2, 11
Installation Contractor | IN1 | All | 1, 12
 | IN2 | All | 6, 7, 10
 | IN3 | All | 3, 4, 5, 8, 9, 11
Test procedure | TS1 | All | 2, 11
 | TS2 | All | 4, 8
SHORT-CUT METHOD FOR OBTAINING COMMON–MODE CUT SETS IN A LARGE FAULT TREE

$$\text{TOP EVENT} = \text{MIN CUT SET}^{(1)} \cup \text{MIN CUT SET}^{(2)} \cup \dots \cup \text{MIN CUT SET}^{(i)} \cup \dots$$

where $\text{MIN CUT SET}^{(i)} = A_{i1} \cap A_{i2} \cap \dots \cap A_{i n_i}$.

If all the basic events in the ith set are the common-mode events of a common cause $C_j$, then

$$P_r\left(\text{MIN CUT SET}^{(i)}\right) = P_r(C_j)$$

Otherwise,

$$P_r\left(\text{MIN CUT SET}^{(i)}\right) = P_r\left(C_j \cap A_i^{(1)} \cap A_i^{(2)} \cap \dots\right) \approx 0$$

(since multiple events appear in the set).
[EXAMPLE]
(i) Common cause: O1
Common-mode events: 1, 3, 12
Neutral events: 2, 4, 5, 6, 7, 8, 9, 10, 11

[Tree reductions for Gate X, Gate Y and the top event T: each neutral event is replaced by N, and every AND-term containing N is dropped. Gate X reduces to AND(1, 3, 12); the top event reduces to AND(AND(1, 3, 12), OR(1, 3)).]

Minimum cut set is {1, 3, 12}.
{1, 3, 12} is the common-mode cut set for the common cause O1.

(ii) Common cause: I3
Common-mode events: 10
Neutral events: 1, 2, ……, 9, 11, 12
There is no common-mode cut set for I3.

(iii) In summary
Common Cause | Common-mode Cut Set
I2 | {1, 2}
I2 | {1, 7, 8}
S3 | {1, 4}
S1 | {2, 10, 11}
T2 | {3, 4, 12}
O1 | {1, 3, 12}
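The short-cut method in code, as an added example (not from the original slides): it takes the common-cause table of this example and a list of minimal cut sets, and returns each cause's common-mode cut sets. The page lists only the six common-mode cut sets it found, so the two further cut sets {6, 9} and {2, 4} are constructed here as assumed non-common-mode sets.

```python
# Common causes and their common-mode events, from the example table on this page.
COMMON_MODE_EVENTS = {
    "I1": {6, 3}, "I2": {1, 2, 7, 8}, "I3": {10},
    "S1": {11, 2, 7, 10}, "S2": {9}, "S3": {1, 4},
    "T1": {10}, "T2": {5, 11, 8, 12, 3, 4},
    "V1": {5, 6, 10}, "V2": {7, 8},
    "O1": {1, 3, 12}, "O2": {5, 7, 10},
    "E1": {2, 9}, "E2": {1, 12}, "F1": {2, 11},
    "IN1": {1, 12}, "IN2": {6, 7, 10}, "IN3": {3, 4, 5, 8, 9, 11},
    "TS1": {2, 11}, "TS2": {4, 8},
}
ALL_EVENTS = set(range(1, 13))
# Minimal cut sets of the example tree. The page lists only the six it found to be
# common-mode; {6, 9} and {2, 4} are constructed here as assumed non-common-mode sets.
MIN_CUT_SETS = [frozenset(s) for s in (
    {1, 2}, {1, 7, 8}, {1, 4}, {2, 10, 11}, {3, 4, 12}, {1, 3, 12}, {6, 9}, {2, 4},
)]

def neutral_events(cause):
    """Basic events independent of the cause (everything not in its common-mode set)."""
    return sorted(ALL_EVENTS - COMMON_MODE_EVENTS[cause])

def common_mode_cut_sets(min_cut_sets, causes=COMMON_MODE_EVENTS):
    """Short-cut method: a minimal cut set is a common-mode cut set of cause C_j exactly
    when every event in it is a common-mode event of C_j, i.e. none of them is neutral.
    Returns {cause: [cut sets]} for the causes that have at least one."""
    result = {}
    for cause, events in causes.items():
        hits = [cs for cs in min_cut_sets if cs <= events]
        if hits:
            result[cause] = hits
    return result

def cut_set_probability(cut_set, cause, p_cause):
    """P_r(min cut set) = P_r(C_j) if the set is common-mode for C_j; otherwise the
    neutral events would have to co-occur independently, so it is taken as 0."""
    return p_cause if cut_set <= COMMON_MODE_EVENTS[cause] else 0.0

def summary(min_cut_sets):
    """Flat (cause, cut set) pairs in the order of the causes table, like the summary above."""
    return [(cause, tuple(sorted(cs)))
            for cause, sets in common_mode_cut_sets(min_cut_sets).items() for cs in sets]
```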
CHAPTER FOUR
Probability Calculation

RESULTS OF PROBABILITY CALCULATIONS
1) The probability of the top event.
2) The "importance" of the cut sets and primal events.
PROBABILITY OF EVENTS CONNECTED BY AN "AND" GATE

In general, if events X and Y are probabilistically dependent, then
$$P(X \cap Y) = P(X \mid Y)\,P(Y)$$
where $P(X \mid Y)$ is the probability that X occurs given that Y occurs.

If events X and Y are probabilistically independent, then
$$P(X \mid Y) = P(X) \quad \text{and} \quad P(X \cap Y) = P(X)\,P(Y)$$

Usually, it is assumed that the basic events in a fault tree are independent. Thus,
$$P(B_1 \cap B_2 \cap \dots \cap B_n) = P(B_1)\,P(B_2) \cdots P(B_n)$$
PROBABILITY OF EVENTS CONNECTED BY AN "OR" GATE

$$P(B_1 \cup B_2 \cup \dots \cup B_n) = 1 - P(\bar{B}_1 \cap \bar{B}_2 \cap \dots \cap \bar{B}_n) = 1 - [1 - P(B_1)][1 - P(B_2)] \cdots [1 - P(B_n)]$$

n = 2:
$$P(B_1 \cup B_2) = P(B_1) + P(B_2) - P(B_1)P(B_2)$$

n = 3:
$$P(B_1 \cup B_2 \cup B_3) = P(B_1) + P(B_2) + P(B_3) - P(B_1)P(B_2) - P(B_2)P(B_3) - P(B_3)P(B_1) + P(B_1)P(B_2)P(B_3)$$

Note, for the exclusive OR:
$$P(B_1 \,\text{EOR}\, B_2) = P(B_1) + P(B_2) - 2\,P(B_1)P(B_2)$$
PROBABILITY OF EVENTS CONNECTED BY A m OUT OF n VOTING GATE

Assume
$$P(B_1) = P(B_2) = \dots = P(B_n) = Q$$
then
$$Q_{system} = \sum_{k=m}^{n} \binom{n}{k} Q^k (1 - Q)^{n-k}$$
where
$$\binom{n}{k} = \frac{n!}{k!\,(n-k)!}$$
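The AND, OR, exclusive-OR and m-out-of-n formulas above in code, as an added example (not from the original slides). It also generalises the voting gate to unequal input probabilities by enumerating failure patterns, and evaluates the two-pump trees from Part 7 gate by gate to show where the independence assumption breaks: with the shared power event under two gates, gate-by-gate evaluation understates the top event that the cut-set method gives.

```python
import math
from itertools import product

def and_gate(probs):
    """Independent inputs: P(B1 ∩ ... ∩ Bn) = ∏ P(Bi)."""
    return math.prod(probs)

def or_gate(probs):
    """P(B1 ∪ ... ∪ Bn) = 1 − ∏ [1 − P(Bi)] (exact for independent inputs)."""
    return 1.0 - math.prod(1.0 - p for p in probs)

def eor_gate(p1, p2):
    """Exclusive OR: P(B1) + P(B2) − 2 P(B1) P(B2)."""
    return p1 + p2 - 2.0 * p1 * p2

def voting_gate(m, n, q):
    """m-out-of-n gate with P(Bi) = Q for every input: Σ_{k=m}^{n} C(n,k) Q^k (1−Q)^(n−k)."""
    return sum(math.comb(n, k) * q ** k * (1 - q) ** (n - k) for k in range(m, n + 1))

def voting_gate_general(m, probs):
    """Generalisation to unequal input probabilities: add up the probability of every
    failure pattern (2^n of them) in which at least m inputs have failed."""
    total = 0.0
    for pattern in product((False, True), repeat=len(probs)):
        if sum(pattern) >= m:
            total += math.prod(p if failed else 1.0 - p for failed, p in zip(pattern, probs))
    return total

def evaluate(node):
    """Evaluate a nested tree such as ('AND', ('OR', q1, q2), ('OR', q3, q4, q5)) or
    ('VOTE', m, q1, q2, q3). Valid only when no basic event appears under two gates;
    a shared event must be handled through minimal cut sets instead."""
    if not isinstance(node, tuple):
        return float(node)
    kind, *args = node
    if kind == "VOTE":
        return voting_gate_general(args[0], [evaluate(a) for a in args[1:]])
    values = [evaluate(a) for a in args]
    return and_gate(values) if kind == "AND" else or_gate(values)

# Basic-event unavailabilities from the two-pump example in Part 7 of this page.
q1, q2, q3, q4, q5 = 1.67e-4, 2.3e-6, 3.8e-3, 5.5e-4, 2.5e-2
INDEPENDENT_TREE = ("AND", ("OR", q1, q2), ("OR", q3, q4, q5))
# Shared power source: q2 repeated under G3. Gate-by-gate evaluation treats the two
# copies as independent and gives about 4.95e-6 against 7.23e-6 from the cut sets.
SHARED_TREE = ("AND", ("OR", q1, q2), ("OR", q2, q3, q4, q5))
```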
TRANSITION OF COMPONENT STATES

[Figure: two-state diagram. Normal State → Failed State when the component fails; Failed State → Normal State when the component is repaired; otherwise the Normal State continues or the Failed State continues.]
TABLE 4.1 MORTALITY DATA
t = age in year; L(t) = number of living at age t

t  L(t)      | t  L(t)    | t  L(t)    | t  L(t)
0  1,023,102 | 15 962,270 | 50 810,900 | 85 78,221
1  1,000,000 | 20 951,483 | 55 754,191 | 90 21,577
2  994,230   | 25 939,197 | 60 677,771 | 95 3,011
3  990,114   | 30 924,609 | 65 577,822 | 99 125
4  986,767   | 35 906,554 | 70 454,548 |
5  983,817   | 40 883,342 | 75 315,982 |
10 971,804   | 45 852,554 | 80 181,765 |
TABLE 4.2
t = Age in Years; L(t) = Number Living at Age t; R(t) = L(t)/N; F(t) = 1 − R(t)

t | L(t) | R(t) | F(t)
0 | 1,023,102 | 1. | 0.
1 | 1,000,000 | 0.9774 | 0.0226
2 | 994,230 | 0.9718 | 0.0282
3 | 990,114 | 0.9678 | 0.0322
4 | 986,767 | 0.9645 | 0.0355
5 | 983,817 | 0.9616 | 0.0384
10 | 971,804 | 0.9499 | 0.0501
15 | 962,270 | 0.9405 | 0.0595
20 | 951,483 | 0.9300 | 0.0700
25 | 939,197 | 0.9180 | 0.0820
30 | 924,609 | 0.9037 | 0.0963
35 | 906,554 | 0.8861 | 0.1139
40 | 883,342 | 0.8634 | 0.1366
45 | 852,554 | 0.8333 | 0.1667
50 | 810,900 | 0.7926 | 0.2074
55 | 754,191 | 0.7372 | 0.2628
60 | 677,771 | 0.6625 | 0.3375
65 | 577,882 | 0.5648 | 0.4352
70 | 454,548 | 0.4443 | 0.5557
75 | 315,982 | 0.3088 | 0.6912
80 | 181,765 | 0.1777 | 0.8223
85 | 78,221 | 0.0765 | 0.9235
90 | 21,577 | 0.0211 | 0.9789
95 | 3,011 | 0.0029 | 0.9971
99 | 125 | 0.0001 | 0.9999
100 | 0 | .0 | 1.
[Figure: survival distribution R(t) and failure distribution F(t) versus age t (0 to 100 years); vertical axis: probability of survival R(t) and death F(t), 0 to 1.0.]
TABLE 4.3 FAILURE DENSITY FUNCTION f(t)

Columns: age in years t; number of failures (deaths) in the interval, n(t) − n(t + Δt); f(t) = [n(t) − n(t + Δt)] / (N Δt); f(t) = dF(t)/dt.

t | n(t) − n(t + Δt) | [n(t) − n(t + Δt)] / (N Δt) | dF(t)/dt
0 | 23,102 | 0.02260 | –
1 | 5,770 | 0.00564 | 0.00540
2 | 4,116 | 0.00402 | 0.00454
3 | 3,347 | 0.00327 | 0.00284
4 | 2,950 | 0.00288 | 0.00330
5 | 12,013 | 0.00235 | 0.00287
10 | 9,534 | 0.00186 | 0.00192
15 | 10,787 | 0.00211 | 0.00198
20 | 12,286 | 0.00240 | 0.00224
25 | 14,588 | 0.00285 | 0.00259
30 | 18,055 | 0.00353 | 0.00364
35 | 23,212 | 0.00454 | 0.00393
40 | 30,788 | 0.00602 | 0.00436
45 | 41,654 | 0.00814 | 0.00637
50 | 56,709 | 0.01110 | 0.00962
55 | 76,420 | 0.01500 | 0.01367
60 | 99,889 | 0.01950 | 0.01800
65 | 123,334 | 0.02410 | 0.02200
70 | 138,566 | 0.02710 | 0.02490
75 | 134,217 | 0.02620 | 0.02460
80 | 103,554 | 0.02020 | 0.01950
85 | 56,634 | 0.01110 | 0.00970
90 | 18,566 | 0.00363 | 0.00210
95 | 2,886 | 0.00071 | –
99 | 125 | 0.00012 | –
100 | 0 | – | –
[Figures: number of deaths (thousands) versus age in years (t), and failure density f(t) versus age in years (t).]
THE REPAIR - TO - FAILURE PROCESSES

Reliability, R(t)*
The probability that the component experiences no failure during the time interval (0, t), given that the component was repaired at time zero.
$$\lim_{t \to 0} R(t) = 1, \qquad \lim_{t \to \infty} R(t) = 0$$

Unreliability, F(t)*
The probability that the component experiences the first failure during (0, t), given that it is repaired at time zero. Note, R(t) + F(t) = 1.
$$\lim_{t \to 0} F(t) = 0, \qquad \lim_{t \to \infty} F(t) = 1$$

Failure Density, f(t)*
The probability that the component experiences a failure per unit time at time t, given that the component was repaired at time zero.
$$f(t) = \frac{dF(t)}{dt}$$
Note,
$$F(t) = \int_0^t f(u)\,du, \qquad R(t) = \int_t^\infty f(u)\,du$$

Failure Rate, r(t)*
The probability that the component experiences a failure per unit time at time t, given that the component was repaired at time zero and has survived to time t.
$$r(t) = \frac{f(t)}{R(t)} = \frac{f(t)}{1 - F(t)}$$

Mean Time to Failure, MTTF
$$\text{MTTF} = \int_0^\infty t\,f(t)\,dt$$

R(t) + F(t) = 1

* The component with a constant failure rate, r, is considered as good as new, if it is functioning.

$$r(t) = \frac{-dR/dt}{R(t)}, \qquad R(t) = \exp\left[-\int_0^t r(u)\,du\right]$$

$$r(t) \approx \frac{\text{number of deaths during } [t, t + \Delta]}{\text{number of survivals at age } t} \approx \frac{f(t)}{R(t)} = \frac{f(t)}{1 - F(t)}$$
Age in Years | No. of Failures (death) | r(t) = f(t)/(1 − F(t))
0 | 23,102 | 0.02260
1 | 5,770 | 0.00570
2 | 4,116 | 0.00414
3 | 3,347 | 0.00338
4 | 2,950 | 0.00299
5 | 12,013 | 0.00244
10 | 9,543 | 0.00196
15 | 10,787 | 0.00224
20 | 12,286 | 0.00258
25 | 14,588 | 0.00311
30 | 18,055 | 0.00391
35 | 23,212 | 0.00512
40 | 30,788 | 0.00697
45 | 41,654 | 0.00977
50 | 56,709 | 0.01400
55 | 76,420 | 0.02030
60 | 99,889 | 0.02950
65 | 123,334 | 0.04270
70 | 138,566 | 0.06100
75 | 134,217 | 0.08500
80 | 103,554 | 0.11400
85 | 56,634 | 0.14480
90 | 18,566 | 0.17200
95 | 2,886 | 0.24000
99 | 125 | 1.20000

[Figure: failure rate r(t) versus t (age 0 to 100 years, r(t) from 0 to 0.2), with the regions labelled early failures, random failures and wearout failures.]
Failure rate r(t) versus t.
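The life-table computation behind Tables 4.2, 4.3 and the r(t) table, as an added example (not from the original slides): from the Table 4.1 mortality data it derives R(t), F(t), the interval failure density f(t) and the failure rate r(t) exactly as defined above, plus a discrete MTTF; the value L(100) = 0 is taken from Table 4.2 to close the last interval.

```python
# Mortality data from Table 4.1 on this page (age t, number living L(t)); the closing
# point (100, 0) is taken from Table 4.2 so that the last interval has an end.
MORTALITY = [
    (0, 1_023_102), (1, 1_000_000), (2, 994_230), (3, 990_114), (4, 986_767),
    (5, 983_817), (10, 971_804), (15, 962_270), (20, 951_483), (25, 939_197),
    (30, 924_609), (35, 906_554), (40, 883_342), (45, 852_554), (50, 810_900),
    (55, 754_191), (60, 677_771), (65, 577_822), (70, 454_548), (75, 315_982),
    (80, 181_765), (85, 78_221), (90, 21_577), (95, 3_011), (99, 125), (100, 0),
]

def life_table(data):
    """Rows (t, R(t), F(t), f(t), r(t)) using the definitions on this page:
    R = L(t)/N, F = 1 - R, f = [L(t) - L(t + dt)] / (N dt), r = f / R = f / (1 - F).
    f and r for an age use the interval that starts at that age."""
    n0 = data[0][1]
    rows = []
    for (t, living), (t_next, living_next) in zip(data, data[1:]):
        r_t = living / n0
        f_t = (living - living_next) / (n0 * (t_next - t))
        rows.append((t, r_t, 1.0 - r_t, f_t, f_t / r_t))
    return rows

def mttf(data):
    """Discrete MTTF = integral of t f(t) dt, with each interval's deaths placed at
    the interval midpoint and divided by the starting population N."""
    n0 = data[0][1]
    deaths_weighted = sum((living - living_next) * (t + t_next) / 2
                          for (t, living), (t_next, living_next) in zip(data, data[1:]))
    return deaths_weighted / n0

def lookup(rows, age):
    """The life-table row for a given starting age."""
    return next(row for row in rows if row[0] == age)

if __name__ == "__main__":
    for t, r, f_cum, f, rate in life_table(MORTALITY):
        print(f"{t:3d}  R={r:.4f}  F={f_cum:.4f}  f={f:.5f}  r={rate:.5f}")
    print(f"MTTF = {mttf(MORTALITY):.1f} years")
```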
THE FAILURE-TO-REPAIR PROCESSES

Repair Probability, G(t)
The probability that repair is completed before time t, given that the component failed at time zero. Note, G(t) = 0 if the component is non-repairable.

Repair Density, g(t)
$$g(t) = \frac{dG(t)}{dt}$$
Note,
$$G(t) = \int_0^t g(u)\,du$$

Repair Rate, m(t)*
The probability that the component is repaired per unit time at time t, given that the component failed at time zero and has remained failed to time t. Note, m(t) = 0 if the component is non-repairable.
$$m(t) = \frac{g(t)}{1 - G(t)}$$

Mean Time to Repair, MTTR
$$\text{MTTR} = \int_0^\infty t\,g(t)\,dt$$

* A component with a constant repair rate has the same chance of being repaired whenever it is failed.
THE WHOLE PROCESS

[EXAMPLE]
[Figure: worked example of the quantities defined below for a sample of components followed over time; A(5) = 0.6 and Q(5) = 1 − A(5) = 0.4.]

Availability, A(t): The probability of a component being normal at t.
Unavailability, Q(t): The probability of a component being failed at t.
Unconditional Failure Intensity, W(t): The probability that a component fails per unit time at t.
Conditional Failure Intensity, λ(t): The proportion of the normal population that is expected to fail per unit time at t.
Expected Number of Failures, W(t_1, t_2):
$$W(t_1, t_2) = \int_{t_1}^{t_2} W(t)\,dt$$